Hyperledger Composer Web application user authentication

See https://github.com/hyperledger/composer-sample-networks/blob/v0.16.x/packages/trade-network/test/trading.js#L21 but use FileSystemCardStore instead of MemoryCardStore. We have an issue on documentation for this right now (https://github.com/hyperledger/composer/issues/3088). The general flow is:

Issue identity:

businessNetworkConnection.issueIdentity(NS + '#' + userData.id, userData.user);
....
var userCard = new IdCard({...});
userCard.setCredentials(credentials);
...

Import card:

adminConnection.importCard(userCardName, userCard);
....
.then(() => { //

Connect to the business network: (using the blockchain identity ...

businessNetworkConnection = new BusinessNetworkConnection({ cardStore: cardStore }); 
businessNetworkConnection.connect(userCardName); } ...

For all subsequent connects from that user (e.g. from the web application he/she is logged into):

bizNetworkConnection.connect(`${cardName}`)

On the user registration bit: once you have received the registration payload, you can use Composer to create a participant and a Composer (blockchain) identity for that user, then create the card as above, connect to it (to get the certificate downloaded), then export that card to be shared with the user that just registered. Using REST you can import the card (that has a connection profile that knows how to connect to the Composer runtime), then they can interact with the business network.

Do user registration / authentication, don't have samples (others may answer in time).

where cardname is for example the user id or email address, and execute whatever data changes or transactions you want.

So for example for POST /items when using JWT:

  • check if it has a valid token with request
  • create new BusinessNetworkConnection (above) or obtain from a pool
  • connect to this BusinessNetworkConnection by passing in the userId/cardname which you get from the token - which will retrieve the card from the cardstore
  • once connected, the user can interact with the business network

On authentication, obviously REST Server endpoints can be secured (with connect gateways secured for outward consumption). Have you considered using JWT as a strategy and/or considered Node-RED for the registration/auth flow?

Anyway these resources may help give you some insights:

https://medium.freecodecamp.org/securing-node-js-restful-apis-with-json-web-tokens-9f811a92bb52

https://www.compose.com/articles/authenticating-node-red-with-jsonwebtoken/

Hope this helps.